# Setup rsync to Ubuntu Server 16.10 (Digital Ocean) | |
## setup ssh on server and client | |
### on server | |
#### add new user, add to sudo group
adduser non-root-user | |
usermod -aG sudo non-root-user (or, equivalently: gpasswd -a non-root-user sudo)
sudo apt-get install ssh | |
And secure sshd - https://thepcspy.com/read/making-ssh-secure/ | |
- sudo apt-get install fail2ban | |
In /etc/ssh/sshd_config | |
- Port 22 -> Port 942 ??? | |
- PermitRootLogin no | |
- PasswordAuthentication no | |
- ChallengeResponseAuthentication no | |
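- UsePAM no??? (not required: with PasswordAuthentication and ChallengeResponseAuthentication set to no, PAM no longer authenticates anyone, but it still runs the account and session modules, so the Ubuntu default of yes can stay)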
sudo service ssh restart | |
## setup non-sudo backup user (server) | |
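# Create a dedicated, password-less account that only receives backups.
# --disabled-password means the account can only be reached with an SSH key.
sudo adduser --disabled-password bkup

# Prepare the key store. sshd's StrictModes (on by default) ignores
# authorized_keys when the directory or file is writable by anyone but the
# owner, so the modes are locked down before ownership is handed to bkup.
sudo mkdir /home/bkup/.ssh
sudo touch /home/bkup/.ssh/authorized_keys
sudo chmod 700 /home/bkup/.ssh
sudo chmod 600 /home/bkup/.ssh/authorized_keys

# Use the "owner:group" form; the older "owner.group" spelling is deprecated
# and ambiguous for account names that contain a dot.
sudo chown -R bkup:bkup /home/bkup/.ssh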
### client | |
#### macOS / OS X
already installed. | |
###### create new key-pair with no passphrase (client)
ssh-keygen -f ~/.ssh/id_backup -C "user-gmail-com" | |
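ssh-copy-id -i ~/.ssh/id_backup bkup@192.168.1.2 (won't work: bkup has no password and password logins are disabled on the server, so copy the public key ~/.ssh/id_backup.pub over manually for now)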
## launchd monitoring when file changes | |
vim ~/Library/LaunchAgents/io.nopanic.backup.plist | |
### setup rrsync | |
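# Install rrsync, the wrapper that the backup key's forced command runs.
# Writing through "sudo tee" replaces the interactive "sudo -s ... exit"
# sequence, so these lines work both typed by hand and run as a script.
gunzip -c /usr/share/doc/rsync/scripts/rrsync.gz | sudo tee /usr/local/bin/rrsync >/dev/null

# rrsync is what confines the backup key to one directory, so it must be
# owned by root and not writable by the bkup account it restricts.
sudo chmod 755 /usr/local/bin/rrsync
sudo chown root:root /usr/local/bin/rrsync

# Destination directory for this client's backups, owned by the backup user.
sudo mkdir -p /var/backup/user-gmail-com
sudo chown bkup:bkup /var/backup/user-gmail-com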
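sudo vim /home/bkup/.ssh/authorized_keys (add the following as a single line; command= forces every login with this key to run rrsync confined to /var/backup/user-gmail-com/, which limits what the passphrase-less client key can do. On OpenSSH 7.2 or later, the single option restrict can replace the list of no-* options.)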
command="/usr/local/bin/rrsync /var/backup/user-gmail-com/",no-agent-forwarding,no-port-forwarding,no-pty,no-user-rc,no-X11-forwarding ssh-rsa AAAA[... your full pubkey here...] | |
## backup (client) | |
vim /usr/local/bin/bkup.sh | |
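#!/bin/sh
# Push one file to the backup server over SSH with the dedicated backup key.
#
# The server's authorized_keys entry for this key forces rrsync, so the
# remote path "/" is resolved inside the directory rrsync is restricted to,
# not the server's real filesystem root.
BACKUP_SERVER=192.168.1.2
# Named BACKUP_USER rather than USER so the login name exported by the
# environment is not overwritten for the child processes.
BACKUP_USER=bkup
FILE=~/some/file

# Expansions are quoted so a path containing spaces or glob characters is
# passed to rsync as a single argument.
rsync -avz --rsync-path='rsync --server --fake-super' --rsh='ssh -i ~/.ssh/id_backup' "$FILE" "$BACKUP_USER@$BACKUP_SERVER:/"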
chmod 755 /usr/local/bin/bkup.sh | |
vim ~/Library/LaunchAgents/io.nopanic.backup.plist | |
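<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<!-- LaunchAgent that runs /usr/local/bin/bkup.sh on a schedule. -->
<plist version="1.0">
<dict>
    <key>Label</key>
    <string>io.nopanic.backup</string>
    <key>ProgramArguments</key>
    <array>
        <string>/usr/local/bin/bkup.sh</string>
    </array>
    <!-- Only Minute is given, so the job fires at minute 1 of every hour. -->
    <key>StartCalendarInterval</key>
    <dict>
        <key>Minute</key>
        <integer>1</integer>
    </dict>
    <!-- The two paths were swapped: stderr now goes to sync.err and stdout to sync.log. -->
    <!-- NOTE(review): /tmp is shared with other local users and these names are fixed; an absolute path inside the user's own Library/Logs directory would be a safer home for the logs. -->
    <key>StandardErrorPath</key>
    <string>/tmp/sync.err</string>
    <key>StandardOutPath</key>
    <string>/tmp/sync.log</string>
</dict>
</plist>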
launchctl load ~/Library/LaunchAgents/io.nopanic.backup.plist | |
does this survive a reboot? yes |